Among the major areas cited in the Trustworthy Computing Solicitation is theevaluation of the security of proposed systems. One approach to evaluation is through testbeds, such as the NSF-sponsored DETER, ORBIT, and GENI systems. But having a testbed is just one part of the evaluation process, the other being the running of believable and credible experiments.
The purpose of this workshop is to deliberate on what it takes to create and execute believable experiments related to security.
The workshop, called Workshop on Cyber Experimentation and Test (CSET) is the second in a series that is likely to continue.
The PI, also the organizer of the workshop, has identified three classes of experiments, related to:
- Scale: by their nature, testbeds will never have the resources needed for experiments that, say, are of Internet scale. So, the experiments must be scaled down to reflect the size of the testbed.
- Multi-party nature: Testbeds are becoming increasingly decentralized, which impacts the approach to running experiments and to interpreting results.
- Risk: Security experiments often involve dangerous code (malware) that must be contained and that must be guaranteed not to endanger the testbed.
These and other fundamental issues will be deliberated on during the workshop.
The funds requested would be used to reimburse the expenses of graduate and undergraduate students. The workshop is to take place on Aug. 10, 2009, in conjunction with USENIX Security, one of the four preeminent security research conferences.